Information security for employee self service application using AHP model / Yuhasnita Md Yusop

This study aims to build an AHP model for Audit trail decision making. Employee Self Service (ESS) is a crucial application to manage. It's became a concern on information security. Even Malaysia Airlines have a policy and guide on information security but the information threat still happen. Auditor is a responsible person to evaluate the threat risk on information system. Each information system has different technical aspects that need to evaluate. Therefore, the general decision model needs to build. The primary objective is to build an AHP model of audit trails decision making that will provide a holistic security system specifically for a Malaysia Airlines System (MAS).Case study have used as a method in the case on Malaysia Airlines. The approaches include a document review and interview. A document review documentation that describes Malaysia Airlines information security management system for example policy, procedures, guidelines reviewed and literature review to identify the controls that are related to audit. An interview conducted at the Malaysia Airlines provided insight into the perceived understanding of information security and information system audit. The purpose on the interview is to verify all the information from document review. An interview and document review results were used to build important scale question and respondent will evaluate the scale of important base on their expertise. A study approach has been adopted by Man's AHP model. On analysis part we have done two pairwise comparisons which are on criteria (management, technology, culture, economy) and alternative (confidential, integrity, availability). Based on final results, we get a value for confidential, integrity and availability. The focus alternative is on a highest value because it's need an attention on a information security aspect by organization. Base on analysis result overall priority of alternatives with respect to criteria, confidential get the highest value and second priorities is on integrity and availability. It's clearly found that decision makers must consider the importance of confidentiality of the information and the systems. The AHP model on this research is recommended to use by other organization. However, the results may be different according to the type of organization and security threats they face.